Adapt v2 with merged PR

2020-05-01 21:22:34 +02:00 · 2020-05-01 21:22:34 +02:00 · 09c68d7d12
parent 58dbdb957d
commit 09c68d7d12
6 changed files with 22 additions and 78 deletions
--- a/Docker/mattermostldap/Dockerfile
+++ b/Docker/mattermostldap/Dockerfile
@ -10,6 +10,9 @@ RUN set -x \
    && docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ \
    && docker-php-ext-install ldap

+# Enable development php.ini config (Solve empty answer from token.php)
+RUN ln -s /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini
+
 # Get Mattermost-LDAP project
 RUN git clone https://github.com/crivaledaz/Mattermost-LDAP.git /opt/Mattermost-LDAP/

--- a/Docker/php-ldap-pgsql/Dockerfile
+++ b/Docker/php-ldap-pgsql/Dockerfile
@ -9,4 +9,5 @@ RUN set -x \
    && docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ \
    && docker-php-ext-install ldap

+# Enable development php.ini config (Solve empty answer from token.php)
 RUN ln -s /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini
--- a/env.example
+++ b/env.example
@ -8,10 +8,10 @@
 #

 # Client ID token. Must be a random hex value. Use `openssl rand -hex 32` to generate a token.
-client_id = 123456789abcdef123456789abcdef
+client_id = "123456789abcdef123456789abcdef"

 # Client Secret token. Must be a random hex value. Use `openssl rand -hex 32` to generate a token.
-client_secret = fedcba987654321fedcba987654321
+client_secret = "fedcba987654321fedcba987654321"

 # Redirect URI use by Oauth server to redirect user after authentifictaion process. Must be the same than as Mattermost give to Oauth server.
 redirect_uri = "http://localhost/signup/gitlab/complete"
@ -30,13 +30,13 @@ user_id = ""
 #

 # Username for the PostgreSQL administrator account
-POSTGRES_USER = postgres
+POSTGRES_USER = "postgres"

 # Password for PostgreSQL administrator account
-POSTGRES_PASSWORD = rootroot
+POSTGRES_PASSWORD = "rootroot"

 # Method to use for connection to database
-POSTGRES_HOST_AUTH_METHOD = trust
+POSTGRES_HOST_AUTH_METHOD = "trust"

 # Oauth user to connect the database
 db_user = "oauth"
@ -61,16 +61,16 @@ db_type = "pgsql"
 #

 # LDAP host or IP
-ldap_host = ldap://ldap.company.com:389/
+ldap_host = "ldap://ldap.company.com:389/"

 # LDAP port
-ldap_port = 389
+ldap_port = "389"

 # LDAP protocol version
-ldap_version = 3
+ldap_version = "3"

 # Unique identifier for entry in LDAP
-ldap_search_attribute = uid
+ldap_search_attribute = "uid"

 # Base DN to search from in LDAP
 ldap_base_dn = "ou=People,o=Company"
--- a/oauth/authorize.php
+++ b/oauth/authorize.php
@ -70,13 +70,11 @@ else if (empty($_POST)) {
                            &nbsp; <strong>E-mail</strong><br/>
                        </td>
                    </tr>
-                    <tr>
-                      <td>
-                        Login as : <strong>' . $_SESSION['uid'] . ' </strong> <button type="submit" class="link" name="disconnect" value="true" ><span>(not me ?)</span></button>
-                      </td>
-                    </tr>
                </table>
-                <br>
+                <br/>
+                Logged as : <strong>' . $_SESSION['uid'] . ' </strong> <button type="submit" class="link" name="disconnect" value="true" ><span>(not me ?)</span></button>
+                <br/>
+                <br/>

                <form method="POST">
                    <input type="submit" value="Authorize" name="authorized" id="input_accept" class="input_field">
@ -96,6 +94,9 @@ else {
 // Print the authorization code if the user has authorized your client
 $server->handleAuthorizeRequest($request, $response, $is_authorized,$_SESSION['uid']);

+// Authentication process is terminated, session can be destroyed.
+$_SESSION=array();
+
 if ($is_authorized)
 {
  // This is only here so that you get to see your code in the cURL request. Otherwise, we'd redirect back to the client
--- a/oauth/connexion.php
+++ b/oauth/connexion.php
@ -1,60 +0,0 @@
-<?php
-session_start();
-/**
- * @author Denis CLAVIER <clavierd at gmail dot com>
- */
-
-// include our LDAP object
-require_once __DIR__.'/LDAP/LDAP.php';
-require_once __DIR__.'/LDAP/config_ldap.php';
-
-
-// Verify all fields have been filled
-if (empty($_POST['user']) || empty($_POST['password'])) {
-    echo 'Please fill in your Username and Password<br /><br />';
-    echo 'Click <a href="./index.php">here</a> to come back to login page';
-} else {
-    // Check received data length (to prevent code injection)
-    if (strlen($_POST['user']) > 15) {
-        echo 'Username has incorrect format ... Please try again<br /><br />';
-        echo 'Click <a href="./index.php">here</a> to come back to login page';
-    } elseif (strlen($_POST['password']) > 50 || strlen($_POST['password']) <= 7) {
-        echo 'Password has incorrect format ... Please try again<br /><br />';
-        echo 'Click <a href="./index.php">here</a> to come back to login page';
-    } else {
-        // Remove every html tag and useless space on username (to prevent XSS)
-        $user=strtolower(strip_tags(htmlspecialchars(trim($_POST['user']))));
-        $password=$_POST['password'];
-
-        // Open a LDAP connection
-        $ldap = new LDAP($ldap_host, $ldap_port, $ldap_version);
-
-        // Check user credential on LDAP
-        try {
-            $authenticated = $ldap->checkLogin($user, $password, $ldap_search_attribute, $ldap_filter, $ldap_base_dn, $ldap_bind_dn, $ldap_bind_pass);
-        } catch (Exception $e) {
-            $resp = json_encode(array("error" => "Impossible to get data", "message" => $e->getMessage()));
-            $authenticated = false;
-        }
-
-        // If user is authenticated
-        if ($authenticated) {
-            $_SESSION['uid']=$user;
-
-            // If user came here with an autorize request, redirect him to the authorize page. Else prompt a simple message.
-            if (isset($_SESSION['auth_page'])) {
-                $auth_page=$_SESSION['auth_page'];
-                header('Location: ' . $auth_page);
-                exit();
-            } else {
-                echo "Congratulation you are authenticated ! <br /><br /> However there is nothing to do here ...";
-            }
-        }
-        // check login on LDAP has failed. Login and password were invalid or LDAP is unreachable
-        else {
-            echo "Authentication failed ... Check your username and password.<br />If error persist contact your administrator.<br /><br />";
-            echo 'Click <a href="./index.php">here</a> to come back to login page';
-            echo '<br /><br /><br />' . $resp;
-        }
-    }
-}
--- a/oauth/style.css
+++ b/oauth/style.css
@ -32,8 +32,7 @@ table {
    margin-left: auto;
    margin-right: auto;
    font-size: larger;
-    border-style: solid;
-    border-width: 2px;
+    border: none;
    margin-top: 5%;
 }

@ -191,7 +190,7 @@ button {
 }
 button.link {
    font-family: "Verdana" sans-serif;
-    font-size: 7pt;
+    font-size: 2pt;
    text-align: left;
    color: blue;
    background: none;